Donation Store allows you to setup webhooks which are executed whenever a particular event occurs on your webstore. They are a great way to extend the functionality of Donation Store and customise it. A webhook will make a request to a particular URL with JSON data that you choose. This request should be handled by a script of your choice. The beauty of this is that you can host your webhooks separately, away from Donation Store and write them in a completely different language. If you do not want this, you can also create custom scripts within the Donation Store application which can be called. (More on this at the end of the article). So far there are two types of webhooks:
- Payment Webhooks
- User Verification Webhooks
The following goes into detail on how to set them up and what is expected for using them. All Donation Store plans come with the ability to use webhooks.
Setting up Webhooks
To setup a payment webhook, go to the "Webhooks" section of the Donation Store control panel (on the webstore of your choice). This can be found in the left hand navigation bar in the control panel. Once there click "Create Webhook".
You must provide the following information to create a webhook:
- URL: The URL that Donation Store will send a request to when the particular event happens.
- Secret: The secret key (made by you) that is used to sign the request for security.
- Execute When: When the webhook is to be executed.
Currently there are two types of webhooks, but there are plans to add more as people request them.
Payment webhooks get executed once a payment has been made. They are only made after the customer's selected payment gateway responds that the payment was made successfully. A payment webhook could be used to perhaps add forum titles, Discord roles, trigger in-game events or even for recording your own statistics.
To make sure all requests received by you are legitimate, we recommend that you check the signature sent. The signature sent is calculated using a sha256 of the secret, the transaction id, the UUID of the user who purchased the item and their email. This should be concatenated with the secret and then hashed. To check, the string would be generated using the following (implemented in Python):
The signature is sent in the HTTP_AUTHORIZATION header.
When sent, Donation Store expects a code 200 response from your script when it receives the below payload. If it does not receive this code, it will try up to 5 times until the webhook is recorded as failed. Donation Store will send this data using a HTTP POST request.
User Verification Webhooks
The user verification webhook is used to validate a user logging into your webstore. It will only check to see if a user is verified on that particular store, so if you have more than one store, they each need that webhook set.
The rules for verification are entirely up to you and can range from checking if the user is banned on a list, checking if they have logged into a server before, or even checking to see if they have an account on your forum etc.
The webhook will send a HTTP request to your webhook where you can do any checks that you desire. If the user is verified you return a success message (example below), if not you send an unsuccessful message with a message set of your choice that will be displayed on your webstore as an error message.
Donation Store does requires a sha256 like the Payment Webhook but concatenates the webhook secret, the user's uuid and their IP address. An example of this in Python would be:
Donation Store will send HTTP post request with the following information:
Donation Store then expects one of the following response.
If you need help with these web hooks please open a technical support ticket and we will be glad to help!